Hello,
I need to bring up a CA in my customer's domain. They only need it for LDAPS, nothing else. I have been reading, and it appears the easiest way would be to simply install it on a DC, then LDAPS will be all ready to go. I have a few questions.
1: Does simply installing it on the DC in AD mode cause any changes that I should be concerned with? Can merely installing it cause a problem?
2: All my reading says don't install on a DC. I was thinking of installing a standalone CA, then issuing the cert to the DC. Is that a good strategy? As it is a standalone CA, will we be able to back out easily if they want to use an AD-integrated CA for something in the future? Does installing a standalone CA pose any problem?
3: In the future, if we want to do a whole multi-tier PKI, it won't be hard to get out of this minimal installation, right?
Thanks!